It’s official: Legacy IPv4 address holders own their number blocks

A company that holds a legacy address block recently sought an opinion from the General Counsel of the U.S. National Science Foundation (NSF) about the legal status of its IPv4 address holdings.The answers make for an explosive entry in the emerging IPv4 address market. IGP Blog has obtained a copy of this letter with the name of the company and any other identifying information redacted.

The company had expressed concern “about its rights in and to a block of Internet Protocol version 4 (IPv4) numbers” and about the “purported authority over it of the American Registry of Internet Numbers” (ARIN). The company bluntly asked the NSF “Is this IPv4 Number Block [ours]?” and “Can a newly-formed organization, such as ARIN, come along years later and attempt to control or take this Number Block from us?”

NSF General Counsel Lawrence Rudolph, who has been in that position since 1995, reviewed the applicable law and answered as follows:

NSF transferred a ‘thing of value’ to the awardee under the NSF-NSI Cooperative Agreement, and that awardee in turn gave it to you. …we [NSF] know of no provision under the Cooperative Agreement which would have authorized the awardee (NSI) to unilaterally reclaim IPv4 number blocks, once distributed.

The NSF has never had a cooperative agreement, or any other agreement, with ARIN or any other similarly situated entity. In short, NSF does not believe that ARIN, or for that matter any other organization, could retroactively affect property and rights distributed to you (or any other recipient) by awardee NSI under its Cooperative Agreement with the National Science Foundation.

The NSF letter cuts the ground from under ARIN’s claims that it holds authority over the legacy address blocks not subject to a Registration Services Agreement (RSA) or Legacy Registration Services Agreement (LRSA) contract. The letter is available here.

22 comments

Exactly what, though, was the “thing of value”? Was it the numbers themselves? (When can you own a number on my computer?) Or was it rather the authority to grant rights in the context of the network as it then existed? If the latter, on what grounds did this authority to set numbering policy run to bind parties outside the government and its grantees? On what authority? Not, I suspect, the statutes cited.

The letter does not tell us, so there’s still a gap in the logic chain.

That said, I agree that the better view is that ARIN has no power to reclaim number blocks from legacy holders who have not signed a contract giving ARIN that power. But not for the reasons given in this letter — it’s straight simple contract law.

I suspect the letter is of greater relevance for the position of government agencies with legacy blocks than it is for private parties, although to the extent that some of the private actors may worry that their status as government contractors somehow could undermine their underlying legal position in default contract law,this should give them a degree of comfort.

As pointed out by Michael Froomkin, the letter actually doesn’t say anything that wasn’t already known. The letter acknowledges that address assignments are of value, but doesn’t actually specify what rights to them parties received (nor even what precisely “address assignments” are)

The concern has never been about ARIN unilaterally reclaiming number resources; it has been about changes to the number resources in the registry and whether such changes must comply with community policy.
The letter further does not address in the least ARIN’s operation of the registry, despite any assertions you make to the contrary, and ARIN continues to abide the principles by which we were founded of self-governance for the number resources.

I confess that am puzzled by Prof. Froomkin’s argument that the ‘thing of value’ here is somehow ambiguous or not well understood. The thing of value is clearly a block of unique IP numbers that can be used as addresses on the public Internet. Perhaps it would be clearer if we were speaking of domain names, which for some reason seem to be more tangible to people. If I had been given the domain michael.com by NSI in 1991 it does not mean I own any and all uses of the word michael or that anyone else in the world can’t name something michael, including on their computer or servers. It simply means that I have exclusive control of the unique character string ‘michael’ under the .com domain as it manifests itself on the Internet’s DNS. Likewise for numbers. If the company in question was given number block 77 /8, it doesn’t mean that they “own” the number 77 (in a mathematical sense) or that no one else can use the digits 77 on their computer. It means that they have exclusive use of the /8 block designated by 77 in the IPv4 address space. ARIN’s registry reflects this legacy right, and if the owner of that right transfers the domain it seems to me that ARIN is obligated to update its registry to reflect the transfer, and has no right to attach new conditions to such an update. Moreover, I don’t think it’s reasonable to expect the federal laws pertaining to cooperative agreements to spell out the nature of property rights in IP number blocks, but we know what those rights are based on our understanding of Internet operations at the time the blocks were granted.
As for John’s claim that this is “nothing new,” I beg to differ. Both the company’s perceived need to ask the question and the NSF’s willingness to answer indicate that new information has been generated. Both Michael and John are correct, in my opinion, that the applicability to federal agencies is the most direct and important here (and let’s not forget that certain federal agencies are massive legacy holders), but at the very least this letter greatly weakens ARIN’s claim that it has the authority to retroactively impose policies on any buyer of a legacy block if the legacy holder chooses to exercise its right to transfer a thing of value to another entity.

If the company in question was given number block 77 /8, it doesn’t mean that they “own” the number 77 (in a mathematical sense) or that no one else can use the digits 77 on their computer. It means that they have exclusive use of the /8 block designated by 77 in the IPv4 address space.

I believe there is agreement on the above; although for clarity, I would say “They have the exclusive use of the IPv4 address block in the Internet Registry”

ARIN’s registry reflects this legacy right, and if the owner of that right transfers the domain it seems to me that ARIN is obligated to update its registry to reflect the transfer, and has no right to attach new conditions to such an update.

It is correct that ARIN reflects this legacy right, but we have some disagreement when it comes to transfers, as ARIN’s ability to allow transfers for IP number resources is constrained by policies adopted by the community. Specifically, ARIN recognizes the right of exclusive use and right to transfer in accordance with adopted policy.
To be clear, ARIN doesn’t seek to retroactively impose policies (as you suggest) but only to make sure that the resources are used in accordance with requirements of the Internet Registry system as referenced in the cooperative agreement.

Good idea to identify areas of commonality! I think we are in fundamental agreement on those, except that when you say “They have the exclusive use of the IPv4 address block in the Internet Registry” I would prefer to say “They have the exclusive use of the IPv4 address block, which the registry tracks or reflects.” When it comes to transfers, I understand your point but I think ARIN has to recognize that it cannot impose policies adopted _after_ the original transfer of the “thing of value” upon legacy holders who are not contractually bound to those policies, that is the only difference. A way to reconcile that minor difference would be for ARIN to formally adopt a policy that simply recognized that. Shall we work together to draft such a policy?

An endpoint identifier for which routing algorithms function deterministically if unique is a thing of rather limited value if the endpoint identifier allocation regime didn’t preserve uniqueness. I suggest that the “thing of value” was not some subset of the integers, used as endpoint identifiers, but a uniqueness preserving allocation regime.

Eric – You are correct: a uniqueness preserving allocation regime is what is called a registry, and while you can use any registry you want, the IAB & USG arranged for their to be an ‘Internet Registry’ which is very popular. Entries are unique only because they are part of the registry itself and that includes participation in policies and procedures of the registry which provide that uniqueness.

John — We’ve had several routing algorithms since the adoption of classfull, then classless, 32bit identifiers, as endpoint identifiers, and several uniqueness preserving allocation regimes over the larger class of endpoint identifiers — 48bits for DIX, PUx for SNA, … predating the general convergence to the DDN Suite. A registry may change its allocation regime, and it may change its type of identifiers. And as you note, two or more registries may use the same type of identifiers, and offer joint, or several, uniqueness preserving allocations, though the practicality of multiple allocators over the same range of identifiers is limited.

The point here is to distinguish between an instance of allocation with property X, and the allocator that provides allocations with property X. Had the “thing of value” conditionally granted by the USG been a subset of the 32bit identifier range, then it would be possible to argue that any allocation from that subset was a grant differing only in range. However, the original grant was the entire range, the prior allocations implicit in the continuous requirement for uniqueness of future allocations, so unlike any grant of subsets. “The thing of value” therefore, was not the block allocated to the unnamed recipient of the hypothetical “77/8″, rather it was the ability to make that unique allocation, and others.

I hope this clarifies my view on a very small nuance, the “thing of value”, transferred by government to a not-for-profit.

In essence, that is what I said. But the specific “thing of value” held by a legacy holder is not the “uniqueness preserving regime” per se, it is the specific block of numbers that were awarded by that regime (i.e., NSI in the old days of the InterNIC).

This legal opinion by the NSF invalidates several ARIN policies and practices. Namely the sentence: “…NSF does not believe the ARIN, … could retroactively affect property and rights distributed to you (or any other recipient) by awardee NSI under its Cooperative Agreement with the National Science Foundation. This sentence means the ARIN manual does not apply to legacy policy holders. Thus, when a legacy block has been through a merger or acquisition, ARIN cannot reclaim a legacy block. ARIN cannot apply needs justification to transfer of a legacy block due to IPv4 sale or IPv4 acquisition. This leaves us then with the sticking point: Is it in the ARIN’s community’s best interest to have an incorrect registry? I think not. In the opinion of IPv4 Market Group, an accurate registry prevents hijacking, and gives integrity to the correct entries in the registry. Otherwise, no entry in the ARIN registry will be believable. What do we need to do to reach consensus that legacy holders have these rights, and an accurate registry is the answer?

ARIN does not seek to retroactively affect property and rights distributed but supports the actual rights of those issued legacy address blocks. These rights were not created by NSF, as the Internet Registry was operating both before and after their period of funding for this activity (as recognized in the cooperative agreement requirement that the NSI address management tasks be performed in compliance with IAB guidance in this area.)

Although the letter is more evidence that legacy resources can be legally bought and sold without regards to ARIN policies like needs-testing, the situation is largely unchanged. ARIN tacitly acknowledges that it has no legal rights to the space, but affirms ARIN’s sole right to control the Whois registry. This is what Prof. Mueller described in the past as a game of chicken, wherein legacy holders with the legal right to sell addresses do so, and ARIN refuses to update Whois to reflect the transfer. As Sandra Brown says, this hurts registry accuracy. Since the primary role of ARIN’s stewardship is the maintenance of an accurate registry, per RFC2050 (4.1), continued insistence by the ARIN community that the registry will only be updated for transactions that follow ARIN policy is an abrogation of primary stewardship responsibility and an opening for the creation of private registries.

ARIN has not stated that it has no legal rights to this space; we have stated that we believe that IP address space needs to be managed according to the principles established in the Internet Registry system. We update all valid transfers of IP number resources, but some transfers can not be consummated because they do not meet the requirements.
To change the IP number registry contrary to the policy and requirements set by the community would actually be making the registry materially inaccurate and hence is not done.

A few years ago, ARIN sent a legacy contract form to holders of legacy address space where they clearly acknowledged they did not have the authority to force that such a contract be signed. The letter stated:

“Your organization is the registrant of legacy number resources in ARIN’s WHOIS database. Legacy resources are IPv4 addresses or Autonomous System numbers that were issued by an Internet Registry (InterNIC or its predecessors) prior to ARIN’s inception on Dec. 22, 1997. In most cases, the services provided by ARIN to maintain and update these legacy resources in the WHOIS database are not currently governed by any contractual agreement.
”

I am not sure there is a real disagreement in this thread. Curran is just trying to say “we are the registry of default, but we have no express contractual jurisdiction over legacy re-allocations”. When Microsoft purchased Nortel’s IP space, it was clear that ARIN has no legitimate role in the reassignment of legacy IP space.

Microsoft is certainly not using those 600K IP addresses — so why did ARIN approve that transfer? They approved it because they have no legitimate contractual authority over these transfers, and court of law in the US would have rejected such vacuous arguments.

The secondary point I want to make is that Microsoft hoarding unused address space is clearly not representative of community values — so it would be ethically more honest for ARIN to come clear on this matter and state that they are only providing registry service to legacy holders but are not approvers or reviewers of future transfers.

You state that When Microsoft purchased Nortel’s IP space, it was clear that ARIN has no legitimate role in the reassignment of legacy IP space. This is an interesting perspective, since both Nortel and Microsoft seemed to think otherwise, and hence cooperated with ARIN to insure that the community-developed policy was followed and that the court was simply transferring Nortel’s “rights” to the resources and not making a determination of “property” (which is indeed quite contrary to past assertions made by some folks on this blog.)

Nortel’s revised filing to the court with the Amended Sale Agreement and proposed Revised Order actually makes the point of ARIN’s role quite clearly –

9. First, under the Amended Sale Agreement NNI is proposing to transfer only the “Seller’s Rights” to the Internet Numbers, defined as “Seller’s exclusive right to use the Legacy Number Blocks, Seller’s exclusive right to transfer the Legacy Number Blocks, and any other legal and equitable rights the Seller may have in and to, the Legacy Number Blocks.” The Revised Order incorporates similar provisions.

10. Second, the revisions reflected in the Amended Sale Agreement and Revised Order were the result of negotiations between Microsoft, ARIN and NNI and, accordingly, ARIN’s counsel has informed NNI that it does not oppose entry of the Revised Order. ”

While subsequent transfers of number resources in bankruptcy have had even more direct statements of ARIN’s role in transfers, it is also evident in the NNI/Microsoft transfer for those who read the actual filings.

To Lazlo’s point that ‘there may not be real disagreement in this thread’ –

The notion that rights (including ownership rights or use rights) can exist with, and in many cases cannot exist without, some form of regulation and/or a regulatory body is pretty fundamental to American society and many other societies around the world.

One of my favorite analogies, suggested by a colleague, is that IPv4 addresses are to ARIN as cars are to the DMV .